Cofense

CapCut Con: Apple Phishing & Card-Stealing Refund Ruse

Threat actors are leveraging the popularity of CapCut, a widely used video editing app, to execute a sophisticated phishing campaign aimed at stealing Apple ID credentials and credit card information.

Phishing Campaign Exploits Google Apps Script to Steal Credentials via Fake Invoice Pages

The phishing campaign begins with a spoofed email impersonating a legitimate company that provides disability and health equipment. The email contains a link to a fake invoice hosted on script[.]google[.]com, a legitimate Google domain.

Phishing Campaign Spoofs Coursera to Steal Facebook Credentials via Fake Meta Certificate Offer

A sophisticated phishing campaign has been uncovered that impersonates Coursera and offers a free Meta Social Media Marketing certificate to lure victims into a multi-stage phishing trap.

Phishing Campaign Impersonates Apple Pay and Yahoo to Steal Credentials and Financial Data

A sophisticated phishing campaign is targeting Apple Pay and Yahoo users. It leverages realistic email and web page impersonations to steal sensitive credentials, financial data, and personal information.

Using Blob URLs to Bypass SEGs and Evade Analysis

Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis.

Precision-Validated Phishing: A New Threat to Defenders​

A new phishing tactic known as Precision-Validated Phishing is being leveraged by cybercriminals to enhance the effectiveness of credential theft campaigns. This technique uses real-time email validation.

Streaming Services: A New Front for Cybersecurity Threats

A recent phishing campaign has been uncovered targeting Spotify users through a spoofed email that mimics official Spotify communications. The attackers embedded legitimate Spotify URLs within the email to lend credibility.

HR-Themed Phishing Exploits Q1 Evaluations: Stay Alert

A recent phishing campaign exploits the timing of Q1 evaluations by impersonating internal HR communications to deceive employees. The campaign culminates in credential theft via a spoofed Microsoft login page.

Decoding Fake US ESTA Emails: Scam or Real Deal?

A sophisticated phishing campaign is targeting individuals seeking U.S. travel authorization by impersonating the U.S. Customs and Border Protection (CBP) and the Electronic System for Travel Authorization (ESTA).

Double-Edged Email Attacks: Phishing & Malware Tactics​

A recent phishing campaign leverages a dual-threat strategy combining credential harvesting and malware delivery. Disguised as a file deletion alert, the attack exploits user trust to deploy the ConnectWise RAT or steal Office365 credentials.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags